Synthetic identity fraud and identity fraud in general were the costliest kinds of fraud that U.S. ecommerce merchants suffered during 2021, as the incidence and total cost of online fraud continues to rise. This kind of fraud harms merchants but it also creates serious problems for the victims whose identities were stolen to create fake accounts. A recent Javelin Research report finds that increasingly, those identity-theft victims are children. This kind of identity theft can be costly for families to remediate—and for merchants whose stores are targeted, it creates a new set of reputational risks.
Here’s what ecommerce sellers need to know about how synthetic identity fraud is changing, what the risks are and how to fight it.
The rising cost of ecommerce identity fraud
Identity fraud attacks against US ecommerce merchants accounted for 30% of fraud losses in 2021, making it the largest category of fraud losses, ahead of friendly fraud, ATO, shipping and return fraud, per LexisNexis Risk Solutions’ 2021 True Cost of Fraud report. The report also found indications that criminals are more often using email addresses and phone numbers obtained from data breaches to create synthetic identities—false personas that use a mix of stolen and made-up data to create accounts with banks and merchants.
The problem of synthetic identity fraud has accelerated since the start of the pandemic, as fraudsters exploited people’s fears to phish login credentials and then used them to create new identities. In 2020 alone, nearly half of Americans (47%) were victims of some form of financial identity theft, according to Aite Group research. Because identity fraud has become so common, and because each dollar of fraud now costs U.S. ecommerce merchants $3.90 in related costs, it’s not a surprise that the report also found that customer identity verification is the primary challenge for ecommerce retailers.
Well-designed fraud screening programs can separate orders by even well-camouflaged fraudsters from those of legitimate customers to limit losses. They can also avoid false positives that turn away good customers, often for good. ClearSale’s 2021 State of Consumer Attitudes, Fraud & CX survey found that 40% of consumers in 5 countries won’t shop again with a merchant that declines their online order. 34% will make a negative social media post about the merchant, as well. So, it’s important for merchants to provide both excellent fraud control and frictionless customer experience.
An increase in thefts of children’s personal data
At the same time, authorities and analysts report growth in the number of criminals targeting children and teenagers online to steal their personal information for use in fraud. A Javelin Research report released in November found that in the U.S. alone, child identity fraud costs families almost $1 billion per year, with 1.25 million children victimized in the previous year.
Contributing factors in the rise of child ID theft include social media use by children and teens, where data breaches and phishing lead to 1 in 50 children in the U.S. becoming identity-fraud victims. Another major factor is poor data security in school districts across the country. Criminals have realized that they can target district systems to steal students’ Social Security numbers, birthdates, parents’ personal information, and—in at least one recent breach in Dallas—students’ health and medical details as well.
NBC News in September reported that student data was for sale on the dark web from at least 1,200 U.S. elementary, middle and high schools, posing the risk of “a lifetime of potential identity theft.” Ransomware is part of the problem. NBC highlighted the case of one school district on the Texas-Mexico border that was hit by a ransomware attack that resulted in detailed information—including names, immigration status, family income level and learning disability screening results—appearing online.
Synthetic identity fraud’s damage to families and businesses
Making matters worse for young ID theft victims, Javelin notes that the damage can take years to discover. In some cases, it may not be found until the victim is an adult and applies for credit. The Javelin report found that the average cost to families when a child’s identity is stolen is more than $1,000.
In addition to the $3.90 that each dollar of fraud costs ecommerce merchants, those whose stores are hit with synthetic identity fraud based on children’s data may also be at reputational risk when the fraud is finally discovered by families. In the ClearSale consumer attitude survey, 84% of respondents said they would never shop again with a merchant whose website allowed fraud with their payment data. It’s reasonable to assume that parent would have roughly the same reaction if their children’s data were involved.
Steps merchants can take to prevent identity fraud on their websites
How merchants can implement fraud controls that meet the challenges of detecting synthetic identity fraud to protect their revenue, maintain their brand reputation with families and help protect children from exploitation by fraudsters?
- Start with machine-learning fraud assessment that looks at behavioral biometrics, customer data, recency of accounts and other signals to separate cleverly designed synthetic identities from good customers.
- Add manual review of flagged orders instead of automatic rejections. This can help prevent false declines that send customers away for good, and the results can go back into the machine-learning system to make it more accurate over time.
- Secure your store’s customer information, and only store the data that’s absolutely necessary. This can reduce your customers’ exposure in case of a breach.
- Keep your store’s data backed up on a separate system so you can restore your site in case of a ransomware attack.
- Build and regularly review your store’s plan to respond in case of a data breach, including communication plans with law enforcement and your customers.
By keeping fraudsters out of your store and criminals out of your customer data, you can prevent expensive chargebacks, maintain good relationships with your loyal customers, and protect your customers and your brand.